Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-270 | **Privilege Context Switching Error** The software does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. | | 0 | 0 | 1 | 0 | 1 |
CWE-527 | **Exposure of CVS Repository to an Unauthorized Control Sphere** The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. | | 0 | 1 | 0 | 0 | 1 |
CWE-391 | **Unchecked Error Condition** [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. | | 0 | 1 | 0 | 0 | 1 |
CWE-24 | **Path Traversal: '../filedir'** The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ../ sequences that can resolve to a location that is outside of that directory. | | 0 | 1 | 0 | 0 | 1 |
CWE-233 | **Improper Handling of Parameters** The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined. | | 0 | 1 | 0 | 0 | 1 |
CWE-201 | **Information Exposure Through Sent Data** The code transmits data to another actor, but the data contains sensitive information that should not be accessible to the actor that is receiving the data. | | 0 | 1 | 0 | 0 | 1 |
CWE-334 | **Small Space of Random Values** The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks. | | 0 | 1 | 0 | 0 | 1 |
CWE-789 | **Uncontrolled Memory Allocation** The product allocates memory based on an untrusted size value, but it does not validate or incorrectly validates the size, allowing arbitrary amounts of memory to be allocated. | | 0 | 1 | 0 | 0 | 1 |
CWE-256 | **Unprotected Storage of Credentials** Storing a password in plaintext may result in a system compromise. | | 0 | 1 | 0 | 0 | 1 |
CWE-126 | **Buffer Over-read** The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. | | 0 | 0 | 0 | 1 | 1 |